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8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: a)n accepted or b)n objected to by the Examiner. 
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DETAILED ACTION 

1 . This action is responsive to communications: application 09784941 , filed 
2/15/2001; amendment filed 4/29/2005. 

2. Claims 1 , 2 4-7, 9- 19 are pending in the case. Claims 3,8 are cancelled. 

Response to Arguments 

3. Applicant's arguments filed 4/29/2005 have been fully considered. 

3.1. Rejections under 35 USC 112 are withdrawn from claims 1-19, because the 
objected limitations were removed due to amendments to claims. 

3.2. Applicant's arguments with respect to double patenting have been fully 
considered and are persuasive. Double patenting rejection is withdrawn. 

3.3. Applicant's arguments with respect to rejections under 35 USC 103(a) have been 
fully considered, but are not persuasive. See the following section for detailed 
explanation of claim limitations based on the referenced prior art, which includes new 
limitations from the amended claims. 
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Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made. 

5. Claims 1, 2, 4-7, 9-19 rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. Patent Application Publication 2001/0021928 A1 to Ludwig (referenced cited 
in the office action dated 4/6/2005). 

5.1 . As per claim 1 , Ludwig is directed to a method of enforcing authorization in a 
shared process between at least two parties (paragraph 3 and paragraph 14 line 1) 
comprising: 

identifying a sender of a message requesting an action as part of the shared process; 
determining the party of the sender; 

associating the sender's party with a business relationship between the 
sender's party and the receiver's party as defined by an electronic contract, (Sender 
identity, its party and the business relationship between the sender's party and 
receiver's part are all identified in the role certificates. As described in paragraph 
52, during the process of creating the role certificates, signatories have checked 
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the details of transaction before signing it. The details of transaction, as indicated 
in item 66 of Fig. 6, include the name of requestor (sender name) and its party 
(the company, as shown in item 64 of Fig. 6). The transaction detail of form 
signature model used by Ludwig also makes an association between sender 
party and the business relationship between parties, as described in paragraph 
11), the electronic contract binding public keys for each of the parties with sub- 
processes of the shared process to assert a relationship of trust between the 
parties (Fig. 10 and paragraph 65 indicating use of keys to authenticate 
certificate owners and prove their authority to perform transactions); 
identifying terms and conditions of the electronic contract corresponding to the shared 
process; and verifying that the requested action corresponds to the terms and 
conditions and is allowable for the shared process by the sender (terms and conditions 
are all reflected in the role certificates, and verified as described in paragraphs 52 and 
86). 

5.2. As per claim 2, Ludwig is directed to the method of claim 1 , wherein verifying 
comprises at least one of using roles to determine that requested actions are 
sanctioned under the electronic contract, using digital certificates to determine 
processing systems implementing requested actions are authorized by the parties, and 
using public keys of the parties to verify adherence to the electronic contract (see 
paragraphs 52 and 86). 
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5.3. Claim 3 is cancelled. 
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5.4. As per claim 4, Ludwig is directed to the method of claim 1 , wherein at least a 
portion of the electronic contract is digitally signed by the at least two parties with their 
respective public keys prior to the sender sending the message (paragraph 115). 

5.5. As per claim 5, Ludwig is directed to the method of claim 1 , wherein the shared 
process is defined by Extended Markup language (XML lets web developers create 
customized tags that offer greater flexibility in presenting information than HTML. 
Ludwig uses HTML in presenting his transactions (paragraph 54). At the time of 
invention, it would have been obvious to a person skilled in art to use XML instead of 
HTML. The motivation would be benefiting from greater flexibility of XML.) 

5.6. As per claim 6, Ludwig is directed to the method of claim 1 , wherein verifying 
comprises qualifying semantics of security related decisions affecting the shared 
process using information from the electronic contract (paragraph 86). 

5.7. As per claim 7, Ludwig is directed to an article comprising: a storage medium 
having a plurality of machine readable instructions, wherein when the instructions are 
executed by a processor (Fig. 1 and 2 and paragraphs 36 to 42), the instructions 
provide for enforcing authorization in a shared process between at least two parties by 
identifying a sender of a message requesting an action as part of the shared process, 
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determining the party of the sender, associating the sender's party with a business 
relationship between the sender's party and the receiver's party as defined by an 
electronic contract(Sender identity, its party and the business relationship between the 
sender's party and receiver's part are all identified in the role certificates. As described 
in paragraph 52, during the process of creating the role certificates, signatories have 
checked the details of transaction before signing it. The details of transaction, as 
indicated in item 66 of Fig. 6, include the name of requestor (sender name) and its 
party (the company, as shown in item 64 of Fig. 6), the electronic contract binding 
public keys for each of the parties with sub-processes of the shared process to assert a 
relationship of trust between the parties (Fig. 10 and paragraph 65 indicating use of 
keys to authenticate certificate owners and prove their authority to perform 
transactions), identifying terms and conditions of the electronic contract corresponding 
to the shared process, and verifying that the requested action corresponds to the terms 
and conditions and is allowable for the shared process by the sender (terms and 
conditions are all reflected in the role certificates, and verified as described in 
paragraphs 52 and 86). 

5.8. Claim 8 is cancelled. 

5.9. As per claim 9, Ludwig is directed to the article of claim 7, wherein the electronic 
contract is digitally signed by the at least two parties with their respective public keys 
prior to the sender sending the message (paragraph 115). 



Application/Control Number: 09/784,941 
Art Unit: 2132 



Page 7 



5.10. As per claim 10, Ludwig is directed to an electronic contract (role certificate as 
described in paragraph 65) associating at least two parties with a shared process 
(paragraph 6) comprising: a first section to specify at least one party, other than the at 
least two parties, that represents a name space corresponding to a domain of 
cryptographic keys (in Fig. 10 the Transaction Authority is shown as one of the fields in 
the Role Certificate. The Transaction Authority represents the domain of keys, as 
described in paragraphs 93 and 11); 

a second section to associate the at least two parties liable under the electronic 
contract with a public key of a cryptographic key pair from the domain for each of the at 
least two parties (Fig 10 item 120 which associates the user with the role certificate, 
see paragraph 65), 

a third section to provide at least one of mapping of role names and sub-processes of 
the shared process, the electronic contract binding public keys for each of the parties 
with sub-processes (Fig. 10 and paragraph 65 indicating use of keys to authenticate 
certificate owners and prove their authority to perform transactions, also see response 
to claim 1); 

and a fourth section to allow each of the at least two parties to digitally sign at least a 
portion of the electronic contract with a private key of the cryptographic key pair for 
each of the at least two parties (paragraph 115). 
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5.1 1 . As per claim 1 1 , Ludwig is directed to the electronic contract of claim 10, further 
comprising a fifth section to specify information identifying at least one of the electronic 
contract and current revision level (As described in paragraph 65, the role certificate 
consist of several sections, one of which is administrative information. It would be 
obvious to a person skilled in art to use that section for any administrative information 
such as contract identification and current revision level). 

5.12. As per claim 12, Ludwig is directed to an electronic contract of claim 10, wherein 
the first section specifies a security standard used for unambiguous references to 
process definitions, protocols and names from which syntax and semantics of shared 
processes are derived (process definitions, protocols and names from which syntax 
and semantics of shared processes are derived can be all identified in the Transaction 
Authority, which is part of the Role Certificate. It would be obvious to a person skilled in 
art to use that field to point out security standards to identify protocols and process 
definitions, as exampled in paragraph 7). 

5.13. As per claim 13, Ludwig is directed to the electronic contract of claim 10, wherein 
the second section comprises at least one of a contract identifier, validity period, 
creation date, and contact information of the at least two parties (As described in 
paragraph 65, the role certificate consist of several sections, one of which is 
administrative information. It would be obvious to a person skilled in art to use that 
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section for any administrative information such as contract identifier, validity period, 
creation date, and contact information of the at least two parties). 

5.14. As per claim 14, Ludwig is directed to the electronic contact of claim 10, wherein 
the third section comprises information to specify syntax and semantics of role names 
(Fig. 10 item 122 and associated text). 

5.15. As per claim 15, Ludwig is directed to the electronic contract of claim 10, further 
comprising a sixth section defining ancillary services used in support of the shared 
process (As described in paragraph 65, the role certificate consist of several sections, 
one of which is administrative information. It would be obvious to a person skilled in art 
to use that section for ancillary services). 

5.16. As per claim 16, Ludwig is directed to the electronic contract of claim 15, wherein 
the ancillary services comprise saving archives relating to use of the shared process by 
the at least two parties (Ludwig suggests use of HTML forms to conduct transactions. 
Saving of archives can be initiated using HTML forms). 

5.17. As per claim 17, Ludwig is directed to the electronic contract of claim 15, wherein 
the ancillary services comprise performing audits relating to use of the shared process 
by the at least two parties ((Ludwig suggests use of HTML forms to conduct 
transactions. Auditing can be initiated using HTML forms). 
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5.18. As per claim 18, Ludwig is directed to the electronic contract of claim 15, wherein 
the ancillary services comprise timestamping the electronic contract (Ludwig suggests 
use of HTML forms to conduct transactions. Timestamping can be initiated using HTML 
forms). 

5.19. As per claim 19, Ludwig is directed to the electronic contract of claim 15, wherein 
the sixth section specifies a party, other than the at least two parties, that provides the 
ancillary services to the at least two parties as part of the shared process (Ludwig 
suggests use of HTML forms to conduct transactions. A party that provides ancillary 
services can be identified using HTML forms). 

Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is (571) 
272-3937. The examiner can be normally reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status Information for unpublished applications Is available through Private PAIR only. 
For more Information about the PAIR system, see http://palr-dlrect.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Farid Homayounmehr ^ ^ , 



11/1/2005 




GILBERTO BARRON 3^ 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



